package com.farm.shiro.filter;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * TalentPermissionsAuthorizationFilter
 *
 * @author ctidy
 * @since 2021/1/7
 */
public class AnyPermissionsAuthorizationFilter extends PermissionsAuthorizationFilter {
    @Override
    public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
        Subject subject = getSubject(request, response);
        String[] permissions = (String[]) mappedValue;

        // 没有权限要求, 不做限制
        if (ObjectUtils.isEmpty(permissions)) {
            return true;
        }

        for (String permission : permissions) {
            // 拥有任一权限, 直接放行
            if (subject.isPermitted(permission)) {
                return true;
            }
        }
        return false;
    }
}
